Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


.HakunaMatata Files Virus (Restore Files)

.HakunaMatata file virus, also known as HakunaMatata ransomware, is a ransomware infection that encrypts the victim’s files and appends the .HakunaMatata extension once the encryption is finalized. The cryptovirus will then display a ransom note containing instructions on the payment process. As usual, the ransom is demanded in Bitcoin, and this time it is reported to be 0.5 Bitcoin.

Threat Summary

Name .HakunaMatata File Virus
Type Ransomware, File Virus
Short Description The file virus encrypts files on a victim’s computer likely using RSA-2048 and AES-256 bit encryption.
Symptoms The file virus will encrypt the targeted files and append the .HakunaMatata extension on each of them once the encryption process is finished.
Distribution Method Spam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .HakunaMatata File Virus

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss .HakunaMatata File Virus.
Data Recovery Tool Data Recovery Pro by ParetoLogic Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.


.HakunaMatata File Virus Distribution

The file virus can infect a victim’s computer relying on various methods. The payload file which has the malicious script is highly likely spread online. The payload dropper may be scattered on social media websites and file-sharing networks. It could also be “bundled” within freeware packages. For the security of your own files, it’s highly recommended that you don’t open unknown files, including email attachments.


.HakunaMatata File Virus Technical Description

Keep in mind that the .HakunaMatata file virus could alter the Windows Registry so that it becomes persistent. New registry entries may be added that will launch the file virus automatically upon every reboot of the system.

Once the encryption process has finished, the ransomware virus will display a ransom note on the desktop stating its demands such as amount of ransom and means of payment. Security research shows that the ransom note is located in a file dubbed Recover files yako.html. The “yako” word means “yours” in Swahili.

This is the text from the ransom note:

Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.

To get in touch you should use the Bitmessage system,
You can download the Bitmessage software at https://bitmessage.org/
After installation you should send a message to the address
Bitmsg: BM-2cWcp***
If you prefer you can send your Bitmenssages from a web browser
Through the webpage https://bitmsg.me this is certainly the most practical method!
Below is a tutorial on how to send bitmessage via web browser: https://bitmsg.me/
1 B° Open in your browser the link
https://bitmsg.me/users/sign_up
Make the registration by entering name email and password.
2 B° You must confirm the registration, return to your email and follow the instructions that were sent.
3 B° Return to site sign in
https://bitmsg.me/users/sign_in
4 B° Click the Create Random address button.
5 B° Click the New massage button
6 B° Sending message
To: Enter address: BM-2cWcp***
Subject: Enter your key: afe299***
Menssage: Describe what you think necessary
Click the Send message button.
Your message will be received and answered as soon as possible!.
Send message to: BM-2cWcp***
Your Key: afe299***

The ransom demanded by the operators of .HakunaMatata file virus is 0.5 Bitcoin. Supposedly, cybercriminals would send the decryption key for the encrypted files so that the victim can restore them. Unfortunately, more often than not, cybercriminals accepts the payments and never send the decryption key. That is why security researchers never recommend paying the ransom. Instead, alternative recovery methods can be attempted.

Regarding the file extensions the file virus targets, no information is available yet. What is known is that targeted files are encrypted with the .HakunaMatata extension. According to the ransom note, the encryption algorithm applied by the virus is a combination of 2048-bit RSA and 256-bit AES.

Lastly, recent ransomware infections tend to delete the Shadow Volume Copies by using the this command in the Command Prompt:

→vssadmin.exe delete shadows /all /Quiet


.HakunaMatata File Virus Removal and File Restoration

If you are an experienced user, you may try and remove the file virus by following the manual instructions given below. In any other case, using an anti-malware program is preferable.

Manually delete .HakunaMatata File Virus from your computer

Note! Substantial notification about the .HakunaMatata File Virus threat: Manual removal of .HakunaMatata File Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .HakunaMatata File Virus files and objects
2.Find malicious files created by .HakunaMatata File Virus on your PC

Automatically remove .HakunaMatata File Virus by downloading an advanced anti-malware program

1. Remove .HakunaMatata File Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .HakunaMatata File Virus
Optional: Using Alternative Anti-Malware Tools

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.